Class: WSS4R::Security::Xml::UsernameToken

Inherits:

SecurityToken

• Object
• SecurityToken
• WSS4R::Security::Xml::UsernameToken

Defined in:

lib/wss4r/security/xml/tokentypes.rb

Constant Summary

PLAIN =

"PLAIN"

HASHED =

"HASHED"

Instance Attribute Summary

• #created ⇒ Object

  Returns the value of attribute created.

• #hash ⇒ Object

  Returns the value of attribute hash.

• #nonce ⇒ Object

  Returns the value of attribute nonce.

• #password ⇒ Object

  Returns the value of attribute password.

• #type ⇒ Object

  Returns the value of attribute type.

• #username ⇒ Object

  Returns the value of attribute username.

Instance Method Summary

• #initialize(username = nil, password = nil, type = HASHED) ⇒ UsernameToken constructor

  A new instance of UsernameToken.

• #process(document) ⇒ Object
• #unprocess(usernametoken) ⇒ Object

Methods inherited from SecurityToken

#add_namespace

Constructor Details

#initialize(username = nil, password = nil, type = HASHED) ⇒ UsernameToken

Returns a new instance of UsernameToken.

# File 'lib/wss4r/security/xml/tokentypes.rb', line 95

def initialize(username = nil, password = nil, type = HASHED)
  @username = username
  @password = password
  @type = type
end

Instance Attribute Details

#created ⇒ Object

Returns the value of attribute created.

# File 'lib/wss4r/security/xml/tokentypes.rb', line 93

def created
  @created
end

#hash ⇒ Object

Returns the value of attribute hash.

# File 'lib/wss4r/security/xml/tokentypes.rb', line 93

def hash
  @hash
end

#nonce ⇒ Object

Returns the value of attribute nonce.

# File 'lib/wss4r/security/xml/tokentypes.rb', line 93

def nonce
  @nonce
end

#password ⇒ Object

Returns the value of attribute password.

# File 'lib/wss4r/security/xml/tokentypes.rb', line 93

def password
  @password
end

#type ⇒ Object

Returns the value of attribute type.

# File 'lib/wss4r/security/xml/tokentypes.rb', line 93

def type
  @type
end

#username ⇒ Object

Returns the value of attribute username.

# File 'lib/wss4r/security/xml/tokentypes.rb', line 93

def username
  @username
end

Instance Method Details

#process(document) ⇒ Object

# File 'lib/wss4r/security/xml/tokentypes.rb', line 115

def process(document)
  wsse_security = XPath.first(document, "/env:Envelope/env:Header/wsse:Security")
  username_token = wsse_security.add_element("wsse:UsernameToken")
  username_token.add_namespace("xmlns:wsu", Namespaces::WSU)
  username_token.add_attribute("wsu:Id", "SecurityToken-" + username_token.object_id().to_s())
  username = username_token.add_element("wsse:Username")
  username.text=(@username)

  if @password.nil?
    # no password provided
  elsif @type == HASHED
    password = username_token.add_element("wsse:Password")
    #BUG #4400
    #password.add_attribute("Type", Types::PASSWORD_DIGEST)
    #Solution--------------------------------------------------
    created = username_token.add_element("wsu:Created")
    created_time = Time.new.getutc()
    #created_time = (Time.new()-(60*60*1)).getutc.iso8601()	
    #----------------------------------------------------------
    created.text=(created_time)

    password.add_attribute("Type", Types::PASSWORD_DIGEST)
    nonce = username_token.add_element("wsse:Nonce")
    nonce_text = OpenSSL::Random.random_bytes(20).to_s().strip()
    nonce.text=(Base64.encode64(nonce_text))
    stamp = nonce_text.to_s() + created_time.to_s() + @password.to_s()
    hash = CryptHash.new().digest_b64(stamp)
    password.text=(hash.to_s())
  else
    password = username_token.add_element("wsse:Password")
    password.add_attribute("Type", Types::PASSWORD_TEXT)
    password.text=@password
  end
		
  # BUG #5877 -----------------------------------------------
  #created_time = (Time.new()-(60*60*1)).iso8601()
  #created_time = created_time[0..created_time.index("+")]
  #created_time[-1]="Z"
  #----------------------------------------------------------
		
end

#unprocess(usernametoken) ⇒ Object

# File 'lib/wss4r/security/xml/tokentypes.rb', line 101

def unprocess(usernametoken)
  @username = XPath.first(usernametoken, "wsse:Username", {"wsse"=>Namespaces::WSSE}).text()
  @password = XPath.first(usernametoken, "wsse:Password", {"wsse"=>Namespaces::WSSE}).text()
  password_type = XPath.first(usernametoken, "wsse:Password", {"wsse"=>Namespaces::WSSE}).attribute("Type").value()
  if password_type == Types::PASSWORD_DIGEST
    @type = HASHED
    @nonce    = XPath.first(usernametoken, "wsse:Nonce", {"wsse"=>Namespaces::WSSE}).text()
    @created  = XPath.first(usernametoken, "wsu:Created", {"wsu"=>Namespaces::WSU}).text()
  else 
    @type = PLAIN
  end
  @hash = @password
end